MacBook users are being warned their Apple laptop batteries are vulnerable to being hacked.
After studying the batteries in several MacBooks, MacBook Pros and MacBook Airs, security researcher Charlie Miller found that Apple laptop microcontroller chips are shipped with default passwords that, once discovered, can be used as a hiding spot for malware as well as a conduit for disabling the battery and even blowing it up.
“These batteries just aren’t designed with the idea that people will mess with them,” Miller told Forbes. “What I’m showing is that it’s possible to use them to do something really bad.”
Using passwords associated with a 2009 Apple software update, Miller was able to permanently disable several batteries, manipulate readings sent to the operating system and charger, and completely rewrite the chip’s firmware.
He said a culprit could install malware on the chip to infect the rest of the computer and steal data, control its functions, or cause it to crash. And even though the batteries he studied have safeguards against explosions, he thinks it would be possible to remotely cause them to explode on command.
What complicates the issue is that Apple notebook batteries are built-in instead of removable.
“That change began in 2009 with the 17-inch MacBook Pro, and trickled down to the other models, resulting in considerable battery life gains at the expense of easy replacement. This means if a battery were to somehow be compromised, it’s a trickier fix. At the same time, it means potential attackers need to gain control of that system before they can do anything, short of taking apart the machine,” writes Josh Lowensohn for CNET.
Here are some tips to avoid problems.
–Only accept installs or updates that you’ve researched or scanned with security software.
–Never trust spam email.
–Be very wary of pop-up windows that suggest an update.
–Stay away from illegal file-sharing services.
According to The Huffington Post, Miller said most users should not be overly concerned about a hacker taking over their laptop battery. And Apple Insider reports that Miller believes Mac OS X security is better than ever before in spite of his findings.
Miller, who works for security firm Accuvant, plans to discuss his findings at the Black Hat security conference in Las Vegas next month.
Prevent Malware With Smart Online Behavior
The single biggest factor in preventing a malware infection on your PC is you. You don’t need expert knowledge or special training. You just need vigilance to avoid downloading and installing anything you do not understand or trust, no matter how tempting, from the following sources:
From a website: If you are unsure, leave the site and research the software you are being asked to install. If it is OK, you can always come back to site and install it. If it is not OK, you will avoid a malware headache.
From e-mail: Do not trust anything associated with a spam e-mail. Approach e-mail from people you know with caution when the message contains links or attachments. If you are suspicious of what you are being asked to view or install, don’t do it.
From physical media: Your friends, family, and associates may unknowingly give you a disc or flash drive with an infected file on it. Don’t blindly accept these files; scan them with security software. If you are still unsure, do not accept the files.
From a pop-up window: Some pop-up windows or boxes will attempt to corner you into downloading software or accepting a free “system scan” of some type. Often these pop-ups will employ scare tactics to make you believe you need what they are offering in order to be safe. Close the pop-up without clicking anything inside it (including the X in the corner). Close the window via Windows Task Manager (press Ctrl-Alt-Delete).
From another piece of software: Some programs attempt to install malware as a part of their own installation process. When installing software, pay close attention to the message boxes before clicking Next, OK, or I Agree. Scan the user agreement for anything that suggests malware may be a part of the installation. If you are unsure, cancel the installation, check up on the program, and run the installation again if you determine it is safe.
From illegal file-sharing services: You’re on your own if you enter this realm. There is little quality control in the world of illegal software, and it is easy for an attacker to name a piece of malware after a popular movie, album, or program to tempt you into downloading it.
Remove Malware With the Right Software
Chances are that no matter how careful you are, you will be infected some day. That’s because malware is designed to sneak onto your computer in ways you can’t possibly foresee. Enlist the help of the following software:
An updated operating system: Use Windows Update. Take advantage of its ability to automatically notify you of updates, or better yet, to automatically download and install updates.
An updated browser: No matter which browser you use, keeping it current is vital to preventing infection. Take advantage of your browser’s pop-up blocking, download screening, and automatic update features.